98 matches found
Ublsoftware ResIOT Cross-Site Scripting Vulnerability
Ublsoftware ResIOT is a web server and IoT platform from the Italian company ResIOT. Ublsoftware ResIOT versions prior to 4.1.1000114 contain a security vulnerability that allows an attacker to carry out multiple cross-site scripting attacks via form fields...
CVE-2022-34020
The CVE-2022-34020 entry concerns ResIOT IOT Platform + LoRaWAN Network Server (up to version 4.1.1000114). A Cross Site Request Forgery (CSRF) vulnerability could allow an attacker to add new admin users, with other unspecified impacts mentioned across sources. Reported impact severity is high (...
CVE-2022-35135
CVE-2022-35135 affects Boodskap IoT Platform v4.4.9-02. A crafted request to /api/user/upsert/ can escalate privileges (network, low attack complexity, low privileges required, no user interaction). The CVSSv3.1 base score is 8.8 (HIGH) with impacts to confidentiality, integrity, and availability...
CVE-2022-34021
Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...
CVE-2022-34022
SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive...
CVE-2022-34021
CVE-2022-34021 affects ResIOT IOT Platform + LoRaWAN Network Server up to version 4.1.1000114, with multiple XSS vulnerabilities exploitable via form fields. Reported severity CVSS v3.1 base score 5.4 (Medium). Remediation guidance in PT-Security PR notes a fix-containing version, but no specific...
CVE-2022-34020
Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...
CVE-2022-34022
CVE-2022-34022 is a SQL injection in the ResIOT IOT Platform + LoRaWAN Network Server up to version 4.1.1000114, exploitable via a crafted POST to /ResiotQueryDBActive. The vulnerability affects the API handling input to that endpoint, leading to potential unauthorized data access or modification...
CVE-2022-35135
Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/...
PT-2022-21973 · Unknown · Resiot Iot Platform +1
Name of the Vulnerable Software and Affected Versions: ResIOT IOT Platform + LoRaWAN Network Server versions through 4.1.1000114 Description: The issue is related to a SQL injection vulnerability. It can be exploited via a crafted POST request to the "/ResiotQueryDBActive" API endpoint. This allo...
CVE-2022-35134
Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability...
CVE-2022-31861
Cross-site scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs...
Cross site scripting
Cross-site scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs...
CVE-2022-31861
CVE-2022-31861 is an XSS vulnerability in ThingsBoard IoT Platform up to version 3.3.4.1, exploitable by sending a crafted value to audit logs. Root cause involves unsanitized input in audit-logging paths, enabling cross-site scripting. Affected product/versions are ThingsBoard IoT Platform befor...
PT-2022-20962 · Unknown · Thingsboard Iot Platform
Name of the Vulnerable Software and Affected Versions: ThingsBoard IoT Platform versions prior to 3.3.4.1 Description: The issue is related to Cross Site Scripting (XSS) in the ThingsBoard IoT Platform. It occurs when a crafted value is sent to the audit logs, potentially allowing malicious actions...
CVE-2021-41278
EdgeX Foundry CVE-2021-41278 affects the app-functions-sdk-go (and related EdgeX components) where the AES transform is broken in encryption, allowing potential decryption of data for users who enable AES in their pipelines. Affected releases rely on a flawed AES implementation; the AES transform...